Trustwave Microphisher Tool Mimics Spear-Phishing Attacks

By Sean Michael Kerner |
Posted 2013-08-01

LAS VEGAS—Phishing is about to get a whole lot more personal, thanks to ethical hackers at Trustwave. A new tool that is being released at the Black Hat security conference by security researchers from Trustwave aims to improve social engineering attacks with more targeted and convincing spear-phishing messages.

The tool uses online activity as a digital fingerprint to create a better spear phisher. Spear-phishing messages are highly targeted, socially engineered attacks designed to trick a user into thinking that a message that is a fraud is in fact legitimate.

Trustwave security consultants Joaquim Espinhara and Ulisses Albuquerque, built their tool to help users improve IT security.

The goal of the Microphisher tool is to help craft messages that are similar in appearance, style and language usage to a given person of interest, Espinhara told eWEEEK. The general idea is to be able to write and send a message to the spear-phishing target that looks as though it legitimately came from a known contact, he said.

The Microphisher tool is being released under the GPLv3 open-source license via the social coding Website GitHub. The first release starts with the initial concept and provides a reference implementation, Espinhara said.

The system uses the open-source MongoDB database, Albuquerque said, adding that Microphisher doesn't normalize the data it pulls in, rather it just ingests the raw data from various online sources, including social media sites.

The tool then helps the security researcher craft a legitimate-looking message using the same language tone and style that the target has been using in their online lives.

So does it work?

"It has been hit and miss mostly," Espinhara said. "But we tested it mostly on security guys, so that's not the best audience, but that's what we had access to at this point."

Trustwave provides social-attack engineering services that aim to check the readiness of an organization, said Espinara, who said he sees Microphisher as a useful tool for penetration testing overall.

There are a number of things that users can do to protect themselves against Microphisher and phishing attacks, in general.

Espinhara recommends that people don't click on random, unknown links, even if the link appears to have come from a known source.

"You can't realy trust content from someone just because it's someone you know," Espinhara said. "You can't assume that just because it's a message that looks legitimate, that it came from the right place."

Sean Michael Kerner is a senior editor at eWeek and InternetNews.com. Follow him on Twitter @TechJournalist.